Cisco has released its latest semi-annual Security Advisory Bundled Publication. It detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which earned a 6.6 “Medium” severity score.
A vulnerability affecting Cisco operating systems could enable attackers to take full control of affected devices, execute arbitrary code, and cause reloads that trigger denial of service (DoS) conditions.
According to Cisco’s security advisory, CVE-2023-20109 has already been the object of at least one attempted exploitation in the wild.
CVE-2023-20109 affects Cisco’s VPN feature, Group Encrypted Transport VPN (GET VPN). GET VPN works within unicast or multicast environments by establishing a rotating set of encryption keys, shared within a group, where any group member can encrypt or decrypt data without the need for a direct point-to-point connection.
Should an attacker have already infiltrated a private network environment of this sort, they could exploit the vulnerability in one of two ways. They could either compromise the key server and alter packets sent to group members, or they could build and install their own key server and reconfigure group members to communicate with it instead of the true key server.
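The second path leaves a trace in configuration: a group member that points at a key server nobody approved. The following is an added example, not code from Cisco or from this article, that audits saved running-configs for that condition; it assumes group members are configured with `crypto gdoi group` (or `crypto gkm group`) blocks containing `server address ipv4` lines, and the device names, addresses and allow-list are constructed.

```python
import re

# Constructed sample running-config excerpts (not from any real device).
SAMPLE_CONFIGS = {
    "branch-rtr-1": """\
crypto gdoi group GETVPN-CORP
 identity number 1001
 server address ipv4 10.10.0.5
 server address ipv4 10.10.0.6
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
""",
    "branch-rtr-2": """\
crypto gdoi group GETVPN-CORP
 identity number 1001
 server address ipv4 10.10.0.5
 server address ipv4 198.51.100.77
!
""",
}

# Assumed allow-list of legitimate key servers, maintained out of band.
APPROVED_KEY_SERVERS = {"10.10.0.5", "10.10.0.6"}

GROUP_RE = re.compile(r"^crypto (?:gdoi|gkm) group (\S+)")
SERVER_RE = re.compile(r"^\s+server address ipv4 (\S+)")

def key_servers_by_group(config_text):
    """Map each GET VPN group in a config to the key servers it points at."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line and not line[0].isspace():
            current = None  # left the group's indented sub-block
        elif current is not None:
            s = SERVER_RE.match(line)
            if s:
                current.append(s.group(1))
    return groups

def unapproved_key_servers(configs, approved):
    """Return sorted (device, group, server) tuples not on the allow-list."""
    findings = []
    for device, text in configs.items():
        for group, servers in key_servers_by_group(text).items():
            findings += [(device, group, s) for s in servers if s not in approved]
    return sorted(findings)
```

Running `unapproved_key_servers(SAMPLE_CONFIGS, APPROVED_KEY_SERVERS)` on the constructed data flags only the second router, whose group lists a key server outside the allow-list.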
The eight vulnerabilities covered in the publication:
- Cisco IOS XE Software Web UI Command Injection Vulnerability – CVE-2023-20231
- Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability – CVE-2023-20226
- Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability – CVE-2023-20187
- Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability – CVE-2023-20033
- Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability – CVE-2023-20227
- Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability – CVE-2023-20186
- Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability – CVE-2023-20109
- Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability – CVE-2023-20202